Merge "[nova]: split service accounts from the main nova.conf"
This commit is contained in:
Zuul
43
helm-toolkit/templates/manifests/_secret-ks-etc.yaml.tpl
Normal file
43
helm-toolkit/templates/manifests/_secret-ks-etc.yaml.tpl
Normal file
@@ -0,0 +1,43 @@
|
|||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- define "helm-toolkit.manifests.secret_ks_etc" -}}
|
||||||
|
{{- $envAll := index . "envAll" -}}
|
||||||
|
{{- $serviceName := index . "serviceName" -}}
|
||||||
|
{{- $serviceUserSections := index . "serviceUserSections" -}}
|
||||||
|
{{- $serviceNamePretty := $serviceName | replace "_" "-" -}}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ printf "%s-ks-etc" $serviceNamePretty | quote }}
|
||||||
|
annotations:
|
||||||
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
|
{{ tuple "ks_etc" $serviceName $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
|
||||||
|
type: Opaque
|
||||||
|
data:
|
||||||
|
{{- range $epName, $sectionName := $serviceUserSections }}
|
||||||
|
{{- $epAuth := index $envAll.Values.endpoints.identity.auth $epName -}}
|
||||||
|
{{- $configSection := dict
|
||||||
|
"region_name" $epAuth.region_name
|
||||||
|
"project_name" $epAuth.project_name
|
||||||
|
"project_domain_name" $epAuth.project_domain_name
|
||||||
|
"user_domain_name" $epAuth.user_domain_name
|
||||||
|
"username" $epAuth.username
|
||||||
|
"password" $epAuth.password
|
||||||
|
-}}
|
||||||
|
{{- $configSnippet := dict $sectionName $configSection }}
|
||||||
|
{{ printf "%s_%s.conf" $serviceName $sectionName | indent 2 }}: {{ include "helm-toolkit.utils.to_oslo_conf" $configSnippet | b64enc }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
||||||
@@ -29,25 +29,6 @@ limitations under the License.
|
|||||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.project_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.username -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.password -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
|
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
|
||||||
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" -}}
|
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken "memcached_servers" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@@ -60,24 +41,6 @@ limitations under the License.
|
|||||||
{{- if empty .Values.conf.nova.service_user.auth_url -}}
|
{{- if empty .Values.conf.nova.service_user.auth_url -}}
|
||||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if empty .Values.conf.nova.service_user.region_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.service.region_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.service_user.project_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.service.project_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.service_user.project_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.service.project_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.service_user.user_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.service.user_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.service_user.username -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.service.username -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.service_user.password -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.service.password -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
@@ -124,25 +87,6 @@ limitations under the License.
|
|||||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.neutron "auth_url" -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.neutron "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.neutron.region_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.neutron "region_name" .Values.endpoints.identity.auth.neutron.region_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.neutron.project_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.neutron "project_name" .Values.endpoints.identity.auth.neutron.project_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.neutron.project_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.neutron "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.neutron.user_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.neutron "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.neutron.username -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.neutron "username" .Values.endpoints.identity.auth.neutron.username -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.neutron.password -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.neutron "password" .Values.endpoints.identity.auth.neutron.password -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.cache.memcache_servers -}}
|
{{- if empty .Values.conf.nova.cache.memcache_servers -}}
|
||||||
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.cache "memcache_servers" -}}
|
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.cache "memcache_servers" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@@ -159,25 +103,6 @@ limitations under the License.
|
|||||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.placement "auth_url" -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.placement "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.placement.region_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.placement "region_name" .Values.endpoints.identity.auth.placement.region_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.placement.project_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.placement "project_name" .Values.endpoints.identity.auth.placement.project_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.placement.project_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.placement "project_domain_name" .Values.endpoints.identity.auth.placement.project_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.placement.user_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.placement "user_domain_name" .Values.endpoints.identity.auth.placement.user_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.placement.username -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.placement "username" .Values.endpoints.identity.auth.placement.username -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.placement.password -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.placement "password" .Values.endpoints.identity.auth.placement.password -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- if eq .Values.console.console_kind "novnc"}}
|
{{- if eq .Values.console.console_kind "novnc"}}
|
||||||
{{- $_ := "true" | set .Values.conf.nova.vnc "enabled" -}}
|
{{- $_ := "true" | set .Values.conf.nova.vnc "enabled" -}}
|
||||||
{{- if empty .Values.conf.nova.vnc.novncproxy_base_url -}}
|
{{- if empty .Values.conf.nova.vnc.novncproxy_base_url -}}
|
||||||
@@ -231,24 +156,6 @@ limitations under the License.
|
|||||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.ironic "auth_url" -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.ironic "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.ironic.region_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.ironic "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.ironic.project_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.ironic "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.ironic.project_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.ironic "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.ironic.user_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.ironic "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.ironic.username -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.ironic "username" .Values.endpoints.identity.auth.ironic.username -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.ironic.password -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.ironic "password" .Values.endpoints.identity.auth.ironic.password -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.ironic.auth_type -}}
|
{{- if empty .Values.conf.nova.ironic.auth_type -}}
|
||||||
{{- $_ := set .Values.conf.nova.ironic "auth_type" .Values.endpoints.identity.auth.ironic.auth_type -}}
|
{{- $_ := set .Values.conf.nova.ironic "auth_type" .Values.endpoints.identity.auth.ironic.auth_type -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
@@ -271,25 +178,6 @@ limitations under the License.
|
|||||||
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.cinder "auth_url" -}}
|
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.cinder "auth_url" -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
{{- if empty .Values.conf.nova.cinder.os_region_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.cinder "os_region_name" .Values.endpoints.identity.auth.cinder.region_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.cinder.project_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.cinder "project_name" .Values.endpoints.identity.auth.cinder.project_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.cinder.project_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.cinder "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.cinder.user_domain_name -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.cinder "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.cinder.username -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.cinder "username" .Values.endpoints.identity.auth.cinder.username -}}
|
|
||||||
{{- end -}}
|
|
||||||
{{- if empty .Values.conf.nova.cinder.password -}}
|
|
||||||
{{- $_ := set .Values.conf.nova.cinder "password" .Values.endpoints.identity.auth.cinder.password -}}
|
|
||||||
{{- end -}}
|
|
||||||
|
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
||||||
|
|||||||
@@ -73,6 +73,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
- name: archive-deleted-rows-conf
|
- name: archive-deleted-rows-conf
|
||||||
mountPath: /etc/nova/logging.conf
|
mountPath: /etc/nova/logging.conf
|
||||||
subPath: logging.conf
|
subPath: logging.conf
|
||||||
@@ -93,6 +96,11 @@ spec:
|
|||||||
- name: archive-deleted-rows-conf
|
- name: archive-deleted-rows-conf
|
||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -74,6 +74,9 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
- name: etcnova
|
- name: etcnova
|
||||||
mountPath: /etc/nova
|
mountPath: /etc/nova
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
@@ -88,5 +91,10 @@ spec:
|
|||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -340,6 +340,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova-compute.conf
|
subPath: nova-compute.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -512,6 +515,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: {{ $configMapName }}
|
secretName: {{ $configMapName }}
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
{{- if .Values.network.ssh.enabled }}
|
{{- if .Values.network.ssh.enabled }}
|
||||||
- name: nova-ssh
|
- name: nova-ssh
|
||||||
secret:
|
secret:
|
||||||
|
|||||||
@@ -91,6 +91,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
- name: pod-shared
|
- name: pod-shared
|
||||||
mountPath: /tmp/pod-shared
|
mountPath: /tmp/pod-shared
|
||||||
containers:
|
containers:
|
||||||
@@ -143,6 +146,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -215,6 +221,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
- name: pod-shared
|
- name: pod-shared
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
|
|||||||
@@ -111,6 +111,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova-api-uwsgi.ini
|
mountPath: /etc/nova/nova-api-uwsgi.ini
|
||||||
subPath: nova-api-uwsgi.ini
|
subPath: nova-api-uwsgi.ini
|
||||||
@@ -166,6 +169,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
|
|||||||
@@ -115,6 +115,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -140,6 +143,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
|
|||||||
@@ -92,6 +92,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.d
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -138,6 +141,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.d
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/logging.conf
|
mountPath: /etc/nova/logging.conf
|
||||||
subPath: logging.conf
|
subPath: logging.conf
|
||||||
@@ -168,6 +174,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
- name: pod-usr-share-novnc
|
- name: pod-usr-share-novnc
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: pod-shared
|
- name: pod-shared
|
||||||
|
|||||||
@@ -115,6 +115,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -140,6 +143,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
|
|||||||
@@ -90,6 +90,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -121,6 +124,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/logging.conf
|
mountPath: /etc/nova/logging.conf
|
||||||
subPath: logging.conf
|
subPath: logging.conf
|
||||||
@@ -146,6 +152,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
- name: pod-usr-share-serial
|
- name: pod-usr-share-serial
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: pod-shared
|
- name: pod-shared
|
||||||
|
|||||||
@@ -133,6 +133,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -157,6 +160,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
- name: pod-usr-share-spice-html5
|
- name: pod-usr-share-spice-html5
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: pod-shared
|
- name: pod-shared
|
||||||
|
|||||||
@@ -103,6 +103,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -124,6 +127,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
|||||||
34
nova/templates/secret-ks-etc.yaml
Normal file
34
nova/templates/secret-ks-etc.yaml
Normal file
@@ -0,0 +1,34 @@
|
|||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.secret_ks_etc }}
|
||||||
|
{{- $envAll := . -}}
|
||||||
|
{{/* the endpoints.identity.auth sections with the oslo conf sections they get rendered to */}}
|
||||||
|
{{- $ksUsers := dict
|
||||||
|
"nova" "keystone_authtoken"
|
||||||
|
"neutron" "neutron"
|
||||||
|
"placement" "placement"
|
||||||
|
"ironic" "ironic"
|
||||||
|
"cinder" "cinder"
|
||||||
|
-}}
|
||||||
|
{{- if .Values.conf.nova.service_user.send_service_user_token }}
|
||||||
|
{{- $_ := set $ksUsers "service" "service_user" -}}
|
||||||
|
{{- end }}
|
||||||
|
{{ dict
|
||||||
|
"envAll" $envAll
|
||||||
|
"serviceName" "nova"
|
||||||
|
"serviceUserSections" $ksUsers
|
||||||
|
| include "helm-toolkit.manifests.secret_ks_etc"
|
||||||
|
}}
|
||||||
|
{{- end }}
|
||||||
@@ -74,6 +74,9 @@ spec:
|
|||||||
mountPath: /etc/nova/nova-compute.conf
|
mountPath: /etc/nova/nova-compute.conf
|
||||||
subPath: nova-compute.conf
|
subPath: nova-compute.conf
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
mountPath: /etc/nova/nova.conf.d/
|
||||||
|
readOnly: true
|
||||||
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
{{- if .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
|
||||||
@@ -106,6 +109,11 @@ spec:
|
|||||||
secret:
|
secret:
|
||||||
secretName: nova-etc
|
secretName: nova-etc
|
||||||
defaultMode: 0444
|
defaultMode: 0444
|
||||||
|
- name: nova-etc-snippets
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- secret:
|
||||||
|
name: nova-ks-etc
|
||||||
- name: varlibironic
|
- name: varlibironic
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/lib/ironic
|
path: /var/lib/ironic
|
||||||
|
|||||||
@@ -2697,6 +2697,7 @@ manifests:
|
|||||||
secret_db: true
|
secret_db: true
|
||||||
secret_ingress_tls: true
|
secret_ingress_tls: true
|
||||||
secret_keystone: true
|
secret_keystone: true
|
||||||
|
secret_ks_etc: true
|
||||||
secret_rabbitmq: true
|
secret_rabbitmq: true
|
||||||
secret_registry: true
|
secret_registry: true
|
||||||
service_ingress_metadata: true
|
service_ingress_metadata: true
|
||||||
|
|||||||
8
releasenotes/notes/nova-476f40003a31bc77.yaml
Normal file
8
releasenotes/notes/nova-476f40003a31bc77.yaml
Normal file
@@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Split out the OpenStack service account definitions from nova.conf and into
|
||||||
|
config snippets which are loaded at /etc/nova/nova.d/, which is automatically
|
||||||
|
loaded by OSLO when loading the main nova.conf. This makes it easier for users
|
||||||
|
to use the regular config generation while supplying credentials out of band.
|
||||||
|
...
|
||||||
Reference in New Issue
Block a user